svn commit: samba r20141 - in branches/SAMBA_4_0/source/libcli/ldap: .

metze at samba.org metze at samba.org
Tue Dec 12 22:43:36 GMT 2006


Author: metze
Date: 2006-12-12 22:43:35 +0000 (Tue, 12 Dec 2006)
New Revision: 20141

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20141

Log:
use the gensec_features of the cli_credentials for ildap connections,
instead of hardcoded GENSEC_FEATURE_SEAL.

That means plain LDAP is now the default.

metze
Modified:
   branches/SAMBA_4_0/source/libcli/ldap/ldap_bind.c


Changeset:
Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap_bind.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/ldap/ldap_bind.c	2006-12-12 22:41:42 UTC (rev 20140)
+++ branches/SAMBA_4_0/source/libcli/ldap/ldap_bind.c	2006-12-12 22:43:35 UTC (rev 20141)
@@ -28,6 +28,7 @@
 #include "lib/tls/tls.h"
 #include "auth/gensec/gensec.h"
 #include "auth/gensec/socket.h"
+#include "auth/credentials/credentials.h"
 #include "lib/stream/packet.h"
 
 struct ldap_simple_creds {
@@ -211,7 +212,7 @@
 	int count, i;
 
 	const char **sasl_names;
-	
+	uint32_t old_gensec_features;
 	static const char *supported_sasl_mech_attrs[] = {
 		"supportedSASLMechanisms", 
 		NULL 
@@ -225,10 +226,12 @@
 
 	/* require Kerberos SIGN/SEAL only if we don't use SSL
 	 * Windows seem not to like double encryption */
-	if (!tls_enabled(conn->sock)) {
-		gensec_want_feature(conn->gensec, 0 | GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);
+	old_gensec_features = cli_credentials_get_gensec_features(creds);
+	if (tls_enabled(conn->sock)) {
+		cli_credentials_set_gensec_features(creds, 0);
 	}
 
+	/* this call also sets the gensec_want_features */
 	status = gensec_set_credentials(conn->gensec, creds);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(1, ("Failed to set GENSEC creds: %s\n", 
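Review bot: The comment above the changed block still says Kerberos SIGN/SEAL is required when SSL is not in use, but the new code no longer requests either feature itself. On a non-TLS connection the bind now gets only what `cli_credentials_get_gensec_features(creds)` already holds, so, as the log message says, a caller that set nothing ends up with plain LDAP after the SASL bind. I would reword the comment to something like `/* SIGN/SEAL come from the credentials' gensec_features; cleared under TLS because Windows seems not to like double encryption */`. It is also worth considering a `DEBUG` line for the case where the socket is not TLS and neither `GENSEC_FEATURE_SIGN` nor `GENSEC_FEATURE_SEAL` is set, so the unprotected session shows up in logs. The enclosing function starts and ends outside the hunk.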
@@ -236,6 +239,9 @@
 		goto failed;
 	}
 
+	/* reset the original gensec_features */
+	cli_credentials_set_gensec_features(creds, old_gensec_features);
+
 	if (conn->host) {
 		status = gensec_set_target_hostname(conn->gensec, conn->host);
 		if (!NT_STATUS_IS_OK(status)) {
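Review bot: The restore of the original features sits after the `goto failed` shown in the preceding hunk, so when `gensec_set_credentials()` fails on a TLS connection the caller's `creds` are left with `gensec_features` of 0. That holds unless the `failed:` path, which is outside the hunk, restores them. Moving `cli_credentials_set_gensec_features(creds, old_gensec_features);` to directly after the `gensec_set_credentials()` call, before the status check, would cover both the success and the error path. Temporarily rewriting a caller-owned credentials object also looks fragile if the same `creds` is ever reused for another connection at the same time. A short comment stating that assumption would help the next reader.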


